[GitHub] [airflow] ephraimbuddy commented on a change in pull request #15042: Add REST API auth flow for the new UI

Tue, 20 Apr 2021 09:55:08 -0700 


ephraimbuddy commented on a change in pull request #15042:
URL: https://github.com/apache/airflow/pull/15042#discussion_r616871633



##########
File path: airflow/www/security.py
##########
@@ -728,3 +735,102 @@ def check_authorization(
                 return False
 
         return True
+
+    # TODO: Whether to create APISecurityManager and move api related code to 
it?
+    def is_user_logged_in(self):
+        """Raise if user already logged in"""
+        if g.user is not None and g.user.is_authenticated:
+            raise Unauthenticated(detail="Client already authenticated")  # 
For security
+
+    def login_with_user_pass(self, username, password):
+        """Convenience method for user login through the API"""
+        self.is_user_logged_in()
+        if self.auth_type not in (AUTH_DB, AUTH_LDAP):
+            raise Unauthenticated(detail="Authentication type do not match")
+        user = None
+        if self.auth_type == AUTH_DB:
+            user = self.auth_user_db(username, password)
+        elif self.auth_type == AUTH_LDAP:
+            user = self.auth_user_ldap(username, password)
+        return user
+
+    def oauth_authorization_url(self, app, provider, redirect_url):
+        """Get authorization url for oauth"""
+        self.is_user_logged_in()
+        if self.auth_type != AUTH_OAUTH:
+            raise Unauthenticated(detail="Authentication type do not match")
+        state = jwt.encode(
+            request.args.to_dict(flat=False),
+            app.config["SECRET_KEY"],
+            algorithm="HS256",
+        )
+        auth_provider = self.oauth_remotes[provider]
+        try:
+
+            if provider == "twitter":
+                redirect_uri = redirect_url + f"&state={state}"
+                auth_data = 
auth_provider.create_authorization_url(redirect_uri=redirect_uri)
+                auth_provider.save_authorize_data(request, 
redirect_uri=redirect_uri, **auth_data)
+                return dict(auth_url=auth_data['url'])
+            else:
+                state = state.decode("ascii") if isinstance(state, bytes) else 
state
+                auth_data = auth_provider.create_authorization_url(
+                    redirect_uri=redirect_url,
+                    state=state,
+                )
+                auth_provider.save_authorize_data(request, 
redirect_uri=redirect_url, **auth_data)

Review comment:
       Yes, it does:
   
https://github.com/dpgaspar/Flask-AppBuilder/blob/27b15e59316e85e0fe62b8aa9978391ed4c729c9/flask_appbuilder/security/views.py#L653-L670




-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
[email protected]

Reply via email to